Skip to content

Commit

Permalink
Merge pull request #39 from hardening-io/su_mode
Browse files Browse the repository at this point in the history 
Add mode to su-binary task. Fix #38
  • Loading branch information
@chris-rock
chris-rock committed Sep 1, 2015
2 parents b05517c + 1ff939d commit 91ecc19
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion .travis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,4 @@ install:

script:
- ansible-playbook --syntax-check spec/travis.yml
- ansible-playbook --sudo -v --diff spec/travis.yml --skip-tags "sysctl"
- ansible-playbook --sudo -v --diff spec/travis.yml --skip-tags "sysctl" --extra-vars "os_security_users_allow=change_user"
4 changes: 2 additions & 2 deletions roles/ansible-os-hardening/tasks/minimize_access.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,5 +14,5 @@
file: dest='/etc/shadow' owner=root group=root mode=0600

- name: change su-binary to only be accessible to user and group root
file: dest='/bin/su' owner=root group=root mode
when: security_users_allow|default(None) != None
file: dest='/bin/su' owner=root group=root mode=0750
when: os_security_users_allow != None

0 comments on commit 91ecc19

Please sign in to comment.